System and Method to Identify Abnormalities to Continuously Measure Transaction Risk

1. A system for using user entity behavior based information for providing and restricting access to a secure computer network comprising: a processor coupled to a network interface, the processor configured to: capture contextual factors of a user entity interacting with a mobile device, wherein the contextual factors include user entity behavior, characteristics of the mobile device, characteristics of a browser, and network traffic; receive a transaction request from the mobile device; calculate a transaction risk and confidence score for the transaction request based on the contextual factors; and compare the transaction risk and confidence score to a predetermined threshold risk score to determine whether the transaction request is approved.

2. The system of claim 1 , wherein a plurality of contextual factors required are increased depending on the level of risk of the transaction request.

3. The system of claim 1 , wherein the contextual factors include at least one from the group consisting of: network unique attribute data collection and fingerprinting; browser unique attribute data collection and fingerprinting; and device fingerprinting.

4. The system of claim 1 , further comprising: measuring the transaction risk through a search and match against a set of static and dynamic attributes using a user, browser traffic, device search and match engine.

5. The system of claim 1 , further comprising verifying the identity of the user entity using out-of-band confirmation.

6. The system of claim 5 , wherein the out-of-band confirmation is performed using at least one from a group consisting of: email, short message service (sms), voice, push, and voice call.

7. The system of claim 1 , wherein the contextual factors may further include at least one of the group of egocentric or allocentric factors consisting of: mobile device model, mobile device hardware configuration, mobile device operating system, mobile device applications, mobile device web browser version, service set identifier (SSID) of the network WiFi, network information such as IP address, object classes transferred, screen size, font size, language, user entity habits including speed and style of user keyboard entry, mouse strokes, screen touch, adjacent companion mobile device in proximity, biobehavioral data derived from the user entity such as walking gait, trusted locations of the user, haptic-tactic factors derived from hardware sensors embedded inside the device, various specialized sensor data captured by the hardware such as ambient noise, temperature, discrete movement and location of the mobile device, walking and exercise habits of owner, user entity location and user entity driving, transactions on mobile including services, applications used and their frequency and duration including calls, browsing, use of various applications, and exercise routines.

8. A method for using user entity behavior based information for providing and restricting access to a secure computer network comprising: capturing contextual factors of a user entity interacting with a mobile device, wherein the contextual factors include user entity behavior, characteristics of the mobile device, characteristics of a browser, and network traffic; receiving a transaction request from the mobile device; calculating a transaction risk and confidence score for the transaction request based on the contextual factors; and comparing the transaction risk and confidence score to a predetermined threshold risk score to determine whether the transaction request is approved.

9. The method of claim 8 , wherein a plurality of contextual factors required are increased depending on the level of risk of the transaction request.

10. The method of claim 8 , wherein the contextual factors include at least one from the group consisting of: network unique attribute data collection and fingerprinting; browser unique attribute data collection and fingerprinting; and device fingerprinting.

11. The method of claim 8 , further comprising: measuring the transaction risk through a search and match against a set of static and dynamic attributes using a user, browser traffic, device search and match engine.

12. The method of claim 8 , further comprising: verifying the identity of the user entity using out-of-band confirmation.

13. The method of claim 12 , wherein the out-of-band confirmation is performed using at least one from a group consisting of: email, short message service (sms), voice, push, and voice call.

14. The method of claim 1 , wherein the contextual factors may further include at least one of the group of egocentric or allocentric factors consisting of: mobile device model, mobile device hardware configuration, mobile device operating system, mobile device applications, mobile device web browser version, service set identifier (SSID) of the network WiFi, network information such as IP address, object classes transferred, screen size, font size, language, user entity habits including speed and style of user keyboard entry, mouse strokes, screen touch, adjacent companion mobile device in proximity, biobehavioral data derived from the user entity such as walking gait, trusted locations of the user, haptic-tactic factors derived from hardware sensors embedded inside the device, various specialized sensor data captured by the hardware such as ambient noise, temperature, discrete movement and location of the mobile device, walking and exercise habits of owner, user entity location and user entity driving, transactions on mobile including services, applications used and their frequency and duration including calls, browsing, use of various applications, and exercise routines.